JSR 303: Time to Standardize Validation

Jason Carreira (who wrote the XWork validation framework) has submitted JSR 303 to standardize a meta-model and and API for JavaBean validation. The JSR has just been submitted and has not yet been approved by the JCP EC, but if approved the API could provide a consistent validation approach across tiers and within other standards and frameworks. InfoQ spok to Jason to find out more about the potential of JSR 303.

According to Jason, there is a need for this standard because:

Validation is done now in an ad-hoc fashion across all of the application tiers, and usually ends up being duplicated. There are some frameworks, like commons-validator and the XWork validation framework, which look to provide a reusable framework for validation, but very few organizations make full use of validation across the view and model tiers, and there's a lot of duplication and wasted effort in this area. There's also a need to plug in validation in several other JSR's, for example JSF and JPA. In order for these JSRs to not duplicate validation efforts, there needs to be a validation JSR for them to reuse since they can't be based on using an opensource library.

On the types of validation that will be specified in the metamodel:

I think more than anything it's important to define the framework for applying validations and defining validators. The common validations will be included, such as "required", date and number ranges, etc. Depending on how the Expression Language JSR is progressing, we may be able to have an EL validator that gives a more ad-hoc validation mechanism. I'm also hoping to keep the ability to pass validation along to a sub-property to apply that objects validations, like we do with the XWork validation framework with the Visitor field validator. The Visitor field validator really enables the modular reuse of domain model validations across different validation contexts.

I think the most important thing, though, will be to define the ability to build your own custom validations using both annotations and XML meta-data. Obviously the limitations of annotations provide interesting challenges here, but we've got some time to work that out.

On how how the validation facility could be used consistently across different tiers:

Well, I'll have to use the XWork validation framework as the example. I built the XWork validation framework while we were facing issues of implementing consistent validations across both the view tier and the domain model for batch processing at Notiva. At my current employer, ePlus, we apply our validations to our Hibernate mapped domain model classes and use the validations in our web UI and also in our batch import processing. Mostly these validations are the same, but there's also some validations which are UI specific, for example entering the password twice when adding a new user. The concept of validation context specific validations in the XWork validation framework allow us to have a common set of validations which are always applied, and also have additional validations which are specific to whether the validation is done in a web UI context or a batch processing context. It's all a common set of validation meta-data, but the context-sensitive ability lets us customize the validations to the use case.

Jay Bose and Matt Raible also blogged approval of the initiative, with Matt adding "In an ideal world, the RIFE, Spring MVC, Stripes, Struts, Tapestry and Wicket developers will all participate and allow JSR-303's result to be used as their framework's validation engine. I think it's a given that this will be usable with JSF."

While I agree with Matt that I'd love to have people from those web frameworks involved, it's also important to point out that this is not just a web validation spec. I joined the JSR-295 Bean Binding expert group to make sure JSR-303 will align with it. Bean Binding started as a Swing UI idea for binding UI form fields to bean properties, but is now a JavaBean spec that's not platform dependent. Likewise, my background is in web application development, but bean validation is just as important in a rich client Swing UI application as it is in a web application, so we're definitely going to support both by being an extension to the JavaBean contract for POJOs.

I vote yes on this baby, but I'd like to put in an early spec request.

When I need to do custom validations, I frequently find that my logic is too complex to be expressed in ExpressionValidator. I hope you will add support for a validator that allows you to delegate to a custom boolean method within the class.

As much as folks seem to gush over XML, it seems like there may be a potential for scripted validation to be easier to manage and work with. Specifying validation rules in a Javascript or Ruby would be easy to read, and with the Java 6 release we've got Javascript out-of-the-box. Does it make sense to now start considering using scripting languages for roles like validation where we've been mostly declarative in the past?